Page 101 - Cyber Warnings

Trump's Cybersecurity Executive Order: A Promising Start to Securing Digital Infrastructure... But Don't Forget What's Beyond the Firewall



By Lou Manousos, CEO, RiskIQ



After some high-profile cyberattacks and information breaches, the cybersecurity posture of the
U.S. government has never been more front and center in the public consciousness.

Following President Trump's signing of an executive order calling for the strengthening of the
cybersecurity of federal networks and critical infrastructure, the tools and processes of
government security teams will be under even more intense scrutiny.

There’s no doubt that much of this focus will fall on modernizing internal networks, including
moving to shared IT services and the cloud—and rightly so.

But to be in full compliance with the new guidelines outlined in the order, agencies will still have
to deal with a lingering blind spot made up of thousands of unknown and unmanaged internet-facing
assets that are potential inroads for cyberattacks and data breaches.

With ever-changing administrations, projects, and initiatives, those in control of processes and
initiatives for today's agencies aren't necessarily the people who started them.

The result is a digital debris field of assets that security teams aren't aware they own, which
hackers can target to devastating effect.

This dilemma doesn’t affect agencies only: according to the 2017 Verizon Data Breach
Investigations Report, more than 75% of the incidents that lead to data breaches originate
externally, almost half of which target unknown—and thus unmanaged—digital assets.

Given this new threat landscape, government organizations need to keep visibility outside the
firewall in mind while revamping their cybersecurity tools, as major threats no longer need to
traverse the traditional computer environments that they control.

For example, even the hardest, most robust network defenses could not have stopped the very
simple phishing campaign targeting former Chairman of the Democratic National Committee
(DNC) John Podesta, which resulted in the outing of private communication that shook the
political foundation of the U.S.

Phishing remains one of the most efficient ways for threat actors to compromise legitimate
credentials and gain access to sensitive information, financial details, and critical systems—
RiskIQ detected 158,904 phishing incidents a day in 2016—but there's a whole laundry list of
threats that do not directly target corporate networks.


Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
